PSP License Terms and Conditions

PSP License Terms & Conditions

General

  • Business Operation Commencement: The applicant can only start operations after completing compliance requirements and obtaining a license from the Central Bank of Oman (CBO).

  • Document Submission: All required documents must be submitted in hardcopy and softcopy formats in a sealed envelope to the Executive Vice President – Supervision and Regulation Sector at CBO.

  • Minimum Capital Requirement: The minimum paid-up capital required is OMR 500,000, which must be maintained continuously. CBO reserves the right to revise this amount in the future.

  • Legal Entity Establishment: Applicants must establish an independent legal entity as a Payment Service Provider (PSP), or provide justification for an alternative structure.

  • Application Fee: An application fee of OMR 500 must be paid at the time of proposal submission to CBO.

  • Annual License Fee: An annual fee of OMR 5,000 is due in January each year after license approval.

  • Capital Deposit Requirement: CBO may require a financial guarantee or Capital Deposit with the Central Bank.

  • Contribution to National Payments System: CBO may charge licensed PSPs for operational costs related to national payments systems, determined by business size.

  • New Product/Service Approval: Approval from CBO is required for new services, excluding technical integrations with third-party systems.

  • Annual Risk Assessments: PSPs must conduct annual risk assessments for their operations and implement adequate risk mitigations.

  • No Sponsoring Agreement Allowed: Applicants cannot enter agreements allowing third parties to sponsor their PSP license.

  • Bank Settlement Requirement: A licensed bank in Oman must be appointed to settle daily transactions in the RTGS system.

  • CBO Examination: Operations licensed by CBO are subject to regular examination.

  • Compliance with CBO Directives: Applicants must follow relevant payment system operating rules and CBO directives.

  • Additional Requirements: CBO may impose additional requirements as deemed necessary.

Documentation Requirements

  1. Cover Letter: Signed PSP license request letter by an authorized official.

  2. Entity Details: Information on entity's legal form, owners, vision, and strategy.

  3. Comprehensive Feasibility Study:

    • Details of intended CBO payment systems and process flow.

    • List of payment services and proposed fees.

    • Audited financial statements for five years or five-year forecasting.

    • Business plan and five-year projection.

    • Roadmap for future products and services.

  4. Additional Documents:

    • Updated Commercial Registration (CR).

    • IDs/passports of major shareholders (5% or more) and Board of Directors.

    • Company’s Article of Association (AoA).

    • SWOT analysis.

  5. System & Procedure Manual: Must be approved by the Board of Directors.

  6. Governance Framework: Document approved by CBO detailing organizational structure and internal controls.

  7. Outsourcing Policy: Compliance with CBO guidelines including due diligence for third-party selection.

IT Infrastructure & Information Security

  1. IT Infrastructure Details: A comprehensive overview is required showing hardware, software, and network.

  2. Site Requirements: Main and backup sites must be identical with the same resources for recovery.

  3. Secure SDLC: Security controls must be integrated throughout the system development process.

  4. Deployment Architecture: Should illustrate high availability with no single point of failure.

  5. RPO/RTO Values: For critical payment services, ensure replication and data retention processes are in place.

  6. Data Control: Define data classification and segregation by the hosting provider.

  7. BankNet Connectivity: Must connect to the BankNet MPLS network at the applicant's expense.

  8. Business Continuity Strategy: Must include recovery plans, testing, and training aligned with international standards.

  9. Vulnerability Assessment: Annual testing for vulnerabilities.

  10. PCI-DSS Standards: Compliance with PCI-DSS and encryption standards is required.

  11. CBO Access: CBO officials must have access to the entire IT/IS infrastructure for audits.

  12. Confidential Data Protection: Sensitive customer data must not be accessible to third parties without CBO approval.

Payment Systems Integration Guidelines

  • Mobile Payment Integration: Comprehensive process flows and adherence to MPCSS rules.

  • OmanNet Payment Gateway: Compliance with OmanNet system operating rules and testing processes.

Regulatory Reporting, Oversight & Examination

  1. External Auditor Appointment: Required in line with CBO guidelines with reports published on the website.

  2. Document Maintenance: All evidences must be stored for a minimum of ten years.

  3. Access for CBO: CBO examiners must have access to essential reports and vendor activities.

AML & KYC Requirements

  1. AML Compliance: Adherence to anti-money laundering laws and regulations.

  2. KYC Obligations: Must include FATCA, CRS data capturing.

  3. Due Diligence Responsibility: KYC verification is the applicant's responsibility.

  4. Documentation: Maintain KYC records in compliance with CBO.

  5. Regular Updates: Updates to customer KYC documents must be obtained regularly.

  6. In-House Functionality: Critical functions should be managed internally by the applicant.

Organization Structure & Manpower

  1. HR Policy Manual: Must be approved by the Board of Directors.

  2. Segregation of Duties: Clear division of responsibilities within the organization.

  3. Compliance Officer: An appointed officer to liaise with CBO.

  4. Third-Party Dependencies: Detailed listing and justification of outsourcing.

  5. Critical Functions Management: Functions like fraud management must be internalized.

  6. Omanisation Requirement: Maintain a minimum of 75% Omanisation.